Government regulations and industry standards drive security requirements in computing system environments for the protection of the resources and information they store. Unauthorized use of the resources, such as transmission and store-and-forward capabilities, can aid in illegal and malevolent activities, with loss of potential revenue to the equipment owner. Unauthorized access to data stored by the computing systems can lead to identity theft, fraud, and even loss of physical security of high-stakes facilities such as nuclear power plants, government buildings, chemical processing operations, etc.
Today, there are many regulations and standards with which businesses and other entities need to comply. For example:                (a) United States Title 21, Code of Federal Regulations (CFR), section 11 for the U.S. Food and Drug Administration (FDA) outlines how pharmaceutical manufacturers submit electronic records to the FDA. A key aspect of the electronic record is an affixed digital signature.        (b) The German Bundesdatenschutzgesetz, or “Federal Data Protection Act” demands strong controls from enterprises regarding how to collect, process and release personally identifiable information (PII). It particularly outlines protection requirements (access control and encryption).        (c) The United Kingdom's Data Protection Act of 1984, among other things, requires that PII is not propagated or transmitted outside European Union (EU) boundaries unless the owner has explicitly agreed to that.        (d) U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) mandates some specific usage of encryption for storing private personal health information (PHI).        
Regulations and laws such as these examples drive requirements in the areas of authorization, authentication, audit, encryption, etc., for owners and operators of certain computing enterprises. In addition to regulations, there are also business requirements, corporate policies, and from standardization bodies recommendations driving—increased demand for security capabilities in computing systems, such as secure firewalls to protect the network infrastructure or data masking requirements to protect sensitive information during application testing in development cycles.